Like a metal detector at an airport, firewalls work as an essential gatekeeper protecting a vulnerable place from an insidious threat. In the digital world, that vulnerable place is your private network and systems, while the insidious threat can be anything from a destructive virus to an internal hacker. Understanding which types of firewalls prevent which threats is critical; you need the right tools for the job, after all.
In this article, we cover the basic things you need to know about firewalls when it comes to protecting your business. We’ll discuss the different types of firewalls, as well as some of their advantages and disadvantages.
Types of Firewalls: Hardware Firewalls vs. Software Firewalls
Hardware Firewalls and Their Function
Hardware firewalls are the first line of defense to protect your private network against incoming threats. They decide which data packets are allowed into your intranet and which are turned away. As we’ll soon discover, there are many ways to do this.
Of course, malicious packets can make it past this first physical layer of protection. So, what happens next? This is where software firewalls come into play.
The Role of Software Firewalls
While software firewalls don’t decide which data packets enter your intranet, they do have the power to prevent access to specific applications and ports once inside your network. Not only does this provide more fine-grained protection, it has the secondary advantage of catching internal threats.
To return to our airport analogy: If the initial metal detector is the hardware firewall, then the security guards posted throughout the terminals are the software firewalls.
Now that we understand the difference between these two categories, let’s discuss the various types of firewalls. In order of ascending complexity, they are:
- Packet Filtering Firewalls
- Stateful Inspection Firewalls
- Circuit-Level Gateways
- Application-Level Gateways (Proxy Server Firewalls)
- Next-Generation Firewalls
In the next section, we take a brief tour of each of these. By the end of it, you should have a general understanding of how they work, in addition to some of their pros and cons.
What Are the Different Types of Firewalls and Their Functions?
Depending on who you ask, there are between three and five different types of firewalls in network security. For the sake of thoroughness, we cover all five.
1. Packet Filtering Firewall
The godfather of modern firewalls, the packet filtering firewall is still widely used today. While not suited to more advanced security threats, it remains a crucial element in early detection.
You’ll often hear these types of firewalls referred to as “stateless”. That’s because packet filtering technology is essentially just an access control list that decides to pass or prevent incoming data based solely on the packet’s IP address.
In cybersecurity, an access control list (ACL) is exactly what you think it is. It’s the proverbial no-fly list, whereby specific IP addresses are listed as untrustworthy and thus prevented from transmitting data packets through to a private network. Conversely, ACLs also have the power to grant access to trustworthy IP addresses.
Basically, an ACL sets and maintains the rules by which incoming packets are either forwarded or blocked—that’s it. This type of firewall is effective against more rudimentary threats and is both fast and affordable.
Note, however, that packet filtering firewalls don’t actually know the content of a data packet. This means that a malicious packet sent from a trusted IP will have no problem slipping past the lazy warden.
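The following sketch is an added example, not code from the original article. It models the ACL behavior described above, with a first-match rule list and a default of deny, and shows that the verdict never depends on the payload. The rule set, the `Packet` type and the addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    payload: bytes  # carried along, but the filter never reads it


# Constructed ACL: the first matching rule wins, unmatched traffic is denied.
ACL = [
    ("deny", ipaddress.ip_network("203.0.113.66/32")),    # one blocked host
    ("allow", ipaddress.ip_network("203.0.113.0/24")),    # trusted partner range
    ("allow", ipaddress.ip_network("198.51.100.10/32")),  # trusted single host
]


def filter_packet(packet, acl=ACL, default="deny"):
    """Return 'allow' or 'deny' using only the packet's source address."""
    src = ipaddress.ip_address(packet.src_ip)
    for action, network in acl:
        if src in network:
            return action
    return default


def run_samples():
    """Evaluate constructed sample packets and return (source, verdict) pairs."""
    samples = [
        Packet("203.0.113.20", b"GET /index.html"),
        Packet("203.0.113.66", b"GET /index.html"),
        Packet("192.0.2.7", b"GET /index.html"),
        # Trusted source, payload standing in for harmful content: still allowed.
        Packet("198.51.100.10", b"<constructed stand-in for harmful content>"),
    ]
    return [(p.src_ip, filter_packet(p)) for p in samples]


if __name__ == "__main__":
    for src, verdict in run_samples():
        print(f"{src:15} -> {verdict}")
```

Rule order matters here: the single-host deny must sit above the broader allow for the same range, or it never takes effect.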
2. Circuit-Level Gateways
Similar to packet filtering firewalls, circuit-level gateways offer a rough and fast method to filter incoming data packets. In contrast to packet filtering, however, circuit-level gateways aren’t concerned with the incoming packet’s IP address.
Rather, their job is to verify the Transmission Control Protocol (TCP) handshake. Of course, a successful handshake doesn’t ensure the absence of malicious traffic entering your private network.
The other similarity between packet filtering and circuit-level gateways is that neither type of firewall actually analyzes the contents of an incoming data packet. Though they work well in conjunction with other security measures, packet filtering and circuit-level gateways alone are not enough to protect your internal network.
3. Stateful Inspection Firewall
Now that you know what a stateless firewall is, you can probably intuit the advantages offered by a stateful firewall.
In contrast to mere packet filtering, stateful inspection not only verifies IP addresses but actually inspects incoming packets for hidden threats. This type of firewall generates a state table containing:
- Source IP
- Destination IP
- Source port
- Destination port
- Protocol (including TCP, UDP, and ICMP)
- And much more.
Instead of following a set of pre-established rules, this type of firewall demonstrates flexibility by compiling a state table of each incoming packet. Of course, the amount of processing power required to run a stateful inspection can negatively affect the speed of network traffic. This also makes stateful firewalls a sitting duck for DDoS attacks.
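To make the state table and its resource cost concrete, here is an added example (not from the original article) that keys entries on the five fields listed above and simulates what happens when the table fills up. The capacity of 4, the 30-second idle timeout, the class names and the addresses are all assumed values chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str


class StateTable:
    """One entry per flow; capacity and idle timeout are assumed values."""

    def __init__(self, capacity=4, idle_timeout=30.0):
        self.capacity = capacity
        self.idle_timeout = idle_timeout
        self.entries = {}  # Flow -> time the flow was last seen

    def expire(self, now):
        """Drop entries that have been idle longer than the timeout."""
        stale = [f for f, seen in self.entries.items() if now - seen > self.idle_timeout]
        for flow in stale:
            del self.entries[flow]

    def handle(self, flow, now):
        """Return 'established', 'new' or 'dropped-table-full'."""
        self.expire(now)
        if flow in self.entries:
            self.entries[flow] = now
            return "established"
        if len(self.entries) >= self.capacity:
            return "dropped-table-full"
        self.entries[flow] = now
        return "new"


def simulate_flood():
    """Constructed timeline: one legitimate flow, a burst of new flows, then recovery."""
    table = StateTable(capacity=4, idle_timeout=30.0)
    legit = Flow("198.51.100.10", "192.0.2.80", 50000, 443, "TCP")
    results = [table.handle(legit, now=0.0), table.handle(legit, now=1.0)]
    for port in range(40000, 40005):  # each distinct source port is a new flow
        burst = Flow("203.0.113.66", "192.0.2.80", port, 443, "TCP")
        results.append(table.handle(burst, now=2.0))
    newcomer = Flow("198.51.100.11", "192.0.2.80", 50001, 443, "TCP")
    results.append(table.handle(newcomer, now=3.0))   # table is still full
    results.append(table.handle(newcomer, now=40.0))  # idle entries have expired
    return results
```

The timeline shows why table size and idle timeouts are the settings to watch on a stateful device: once the table is full, a legitimate new connection is refused until stale entries age out.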
4. Application-Level Gateway (or Proxy Server Firewall)
Of the four traditional types of firewalls, this is the one that offers businesses the most network security.
Application-level gateways—alternately referred to as proxy server firewalls—effectively filter messages at the communication-level interface between the client and server, known as the application layer in the OSI model. Application-level gateways are classified as high-level proxy firewalls.
Proxy firewalls are considered so safe because they reside on a proxy server as opposed to the main server. This prevents cyberattacks and malware from entering directly into your internal network.
Additionally, a proxy server has its own unique IP address and therefore conceals the main server’s IP. This is in contrast to both packet filtering and stateful firewalls, whose job it is to simply route packets rather than accept and establish network connections.
Of course, there are certain disadvantages to consolidating your private network security at the application level. Most commonly, connection speed and performance can suffer in the event of a traffic bottleneck.
This occurs for two main reasons.
- Proxy firewalls restrict network traffic to a single access point.
- They establish a unique connection for all incoming and outgoing requests.
The bottom line is this: ALGs offer a more thorough packet inspection than other traditional firewalls. Additional security tactics also make ALGs exceptionally versatile, from attack detection and error detection to validity checks and deep-packet inspection (DPI). Yes, speed and performance issues can arise, but these can be mitigated by other means.